Why NHIs Are Security's Most Dangerous Blind Spot

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities NHIs. At the top...

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

The U.S. Cyber Safety Review Board CSRB has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland...

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

The Irish Data Protection Commission DPC on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million $18.6 million for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have ...

Maze Ransomware Operators Shutting Down Their Operations

By Deeba Ahmed In a bizarre announcement, the Maze ransomware gang revealed that their only aim was to reveal the security lapses at their targets. This is a post from HackRead.com Read the original post: Maze Ransomware Operators Shutting Down Their Operations...

LinkedIn Faux Pas Shines Light on Certificate Management

Visibility and control of digital certificates remains a challenge for even the largest enterprises, as evidenced by a high profile incident this week affecting Microsoft’s LinkedIn. Users accessing LinkedIn on Tuesday got a warning from their browsers alerting them about an insecure connection...

Bluetooth's Complexity Has Become a Security Risk

Bluetooth and Bluetooth Low Energy are incredibly convenient—but increasingly the root of a lot of security lapses...

A week in security (October 9 – October 15)

Last week on the Labs blog, we talked about GDPR as part of our series in the National Cyber Security Awareness Month NCSAM. We also discussed a new method for phishing Apple ID passwords and the possible ramifications. We analyzed the malvertising chain due to a script that was found on popular...

Insulin Pump Hack Garners Federal Attention

The hack of a commercially available insulin pump earlier this month at the DEFCON hacker conference has attracted the attention of members of the House Energy & Commerce Committee, which is now calling for a formal review of wireless medical devices like the pump. Senior Committee members Anna G...

Citigroup Admits Info on 200K Customers Stolen in Network Compromise

Citigroup is warning its credit card users that attackers have stolen account information belonging to 200,000 customers. The breach apparently was discovered last month. The attackers who compromised Citigroup’s network were able to get customer names, account numbers and other data, including...